Exploiting weak/predictable user credentials is one of the most common and successful attack scenarios used against SAP systems. During the installation, SAP systems create the standard users SAP*, DDIC and EARLYWATCH. Acunetix WVS tried the default passwords for these standard users (and other commonly used SAP users) and managed to guess a set of credentials that were accepted by the SAP system.


To protect standard SAP users from unauthorized use:

  • Define a new superuser and deactivate SAP*.
  • Change all of the default passwords for these users.


Related Vulnerabilities